Application Security Engineer

closed
dLocal Logo

dLocal

πŸ“Remote - Brazil, Uruguay

Summary

The job is for a Security Engineer at dLocal, a global team that simplifies payment expansion in emerging markets. The role involves implementing a software assurance model, performing security design reviews, code reviews, and triaging security vulnerabilities. The position offers flexible work culture with travel, health, learning benefits, among others.

Requirements

  • Strong proficiency in at least one programming language like Java and/or NodeJS and also knowledge in any scripting languages
  • Hands-on experience working with developers in building a software assurance model
  • Demonstrate the ability to manually fix/mitigate security flaws on web applications and APIs code-level
  • Experience designing secure web services, APIs and microservice architectures
  • Familiarity with threat modeling frameworks in cloud-base environments (OWASP, STRIDE, MITRE, etc)
  • Experience with application/development security tools including but not limited to: Burp Suite, Qualys/WAS (or similar), Checkmarx (or similars), Bitbucket (or similars), Jenkins, Docker, etc)
  • Familiarity with implementation and maintenance of SAST/DAST/IAST/SCA security sensors in a development pipeline
  • In-depth knowledge of OWASP10, SANS25 and other world-known application security frameworks
  • Understanding of a complete SDLC and how to make it secured (S-SDLC)
  • Familiarity with Cloud platforms (AWS or equivalent)
  • Ability to lead people to problem resolution when it comes to Security (Integrate teams, specially Engineering Team)
  • Effective written and oral communication involving both business and technical sides of the business
  • Quickly identify issues and solve them
  • Ability to present technical risks to broader audience (both written and spoken)

Responsibilities

  • Implement a software assurance model
  • Perform security design reviews for new features and product releases
  • Perform code reviews and advise developers on remediation techniques
  • Design controls to detect and respond to common attacks on our platform
  • Triage and respond to external inquiries around security vulnerabilities
  • Facilitate internal training on various security topics to raise awareness and interest

Preferred Qualifications

  • Certified in any related security development certifications like CSSLP, CASE or others
  • Exposure to PCI-DSS framework or any other relevant security standard will be valued
  • Extensive knowledge of security architectures, both monoliths and microservices, including how they are developed and operate at scale
  • Have had developed a personal or enterprise software/script with focus on security (exploitation of vulnerabilities, hardening automation, API integration for security)

Benefits

  • Flexible work culture
  • Travel
  • Health benefits
  • Learning benefits
This job is filled or no longer available